Re: arp table overflow due to windows worm (resolved)
Thank you guys so much. It's resolved. The problem was indeed that my
default route was via the external IP of my firewall so that it tried to
resolve all 188.8.131.52/16 IPs to mac addresses. Raising the arp cache
to 2^16 worked as a hot fix.
In my defense: When I started working here I did inquire about the
gateway to use and I was told I don't need one. I thought that odd back
then but didn't realize the implications of this. And it did work for
quite a while. Until now that is.
Now I've got a proper gateway entry that's outside of my net in a
neighbouring /24 subnet and I reduced the arp cache size to 1024 again.
And even though I can see 5 infected machine blasting through the
network right now everything works fine.